Title :
Fast pattern matching in compressed data packages
Author :
Berger, Michael S. ; Mortensen, Brian B.
Author_Institution :
DTU Fotonik, Tech. Univ. of Denmark, Lyngby, Denmark
Abstract :
This paper targets deep packet classification (Layer 4-7) for applications within Firewalls and Intrusion Detection/prevention systems (IDS/IPS). Specifically targeting string matching applications, this paper will focus on processing of web-content, HTTP, at high speed (>;10 Gigabit). The main contribution of this work is in the field of combined payload search and HTTP decompression. In general, decompression is difficult to perform at wire-speed due to the additional data-amounts generated, which means that a decompressed 10 Gbit/s link could contain e.g. 30-40 Gigabit data. This paper presents a method which makes it is possible to find a match in the data packages of the data stream without the need for searching in the decompressed data stream, thereby avoiding the possibility of "data explosions".
Keywords :
authorisation; data compression; hypermedia; pattern classification; string matching; HTTP; Web-content processing; compressed data packages; data explosions; deep packet classification; firewalls; intrusion detection systems; intrusion prevention systems; pattern matching; string matching; Compressed data; Firewall; HTTP; Intrusion detection; Pattern Match; Security;
Conference_Titel :
GLOBECOM Workshops (GC Wkshps), 2010 IEEE
Conference_Location :
Miami, FL
Print_ISBN :
978-1-4244-8863-6
DOI :
10.1109/GLOCOMW.2010.5700208
